[Samba] Adding LDAP Backend to Samba

J. Echter j.echter at elektro-mayer-echter.de
Thu Feb 3 12:26:25 MST 2011


im trying to use our LDAP server as backend for Samba (PDC).

I used smbldap-tools to transfer samba users to our LDAP server.

Now i have ou=computers, ou=idmap, ou=smb-usr and ou=groups.

I added the following to my smb.conf

   ldap passwd sync = yes
   passdb backend = ldapsam:ldap://localhost
   ldap suffix = dc=workgroup,dc=local
   ldap admin dn = cn=admin,dc=workgroup,dc=local
   ldap machine suffix = ou=computers
   ldap user suffix = ou=smb-usr
   ldap group suffix = ou=groups
   ldap idmap suffix = ou=idmap
   ldap ssl = no
   # Scripts for Samba to use if it creates users, groups, etc.
   add user script = /usr/sbin/smbldap-useradd -m '%u'
   delete user script = /usr/sbin/smbldap-userdel %u
   add group script = /usr/sbin/smbldap-groupadd -p '%g'
   delete group script = /usr/sbin/smbldap-groupdel '%g'
   add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
   delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
   set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
   # Script that Samba users when a PC joins the domain ..
   # (when changing 'Computer Properties' on the PC)
   add machine script = /usr/sbin/smbldap-useradd -w '%u'

but im still not able to login.

I saw that there are users and computers all in ou=groups (cn=pc1$) and
also in ou=computers (uid=pc1$) is this correcto?

unfortunately i'm no samba expert either ldap :)

thanks for helping.



More information about the samba mailing list